Paul Stapleton, Managing Director of NIE Networks talks to Owen McQuade about the challenges in running an electricity network business and how the grid is facilitating the transition to a low carbon energy future. NIE Networks operate the electricity distribution network in Northern Ireland. It is an extensive network of 47,000 km with around 300...

Head of Energy Strategy Division in the Department for the Economy, Joe Reynolds, discusses the challenges facing the development of a future energy strategy for Northern Ireland and the trends affecting its perceived outcomes. Contextualising energy policy in Northern Ireland as being currently caught between the 2010 Strategic Energy Framework and the development of a...

Katy Hayward of Queen’s University Belfast offers her reflections on Brexit, borders and their potential impacts on criminal justice co-operation in Ireland. Opening her presentation, Hayward suggests that many questions remain unresolved in relation to the impact of Brexit on security and criminal justice cooperation in Ireland. Indeed, throughout her analysis she notes that the...

Paul Wickens, Chief Executive of Enterprise Shared Services (ESS) for the Northern Ireland Civil Service (NICS), discusses the journey of digital government in Northern Ireland to date and offers some insight on the future roadmap of three new key strategies. Paul Wickens outlines that a lot has changed since the original concept of nidirect and...

Cyber-security: getting the basics right

PwC’s cyber team highlight the importance of cyber security and offer their top 5 tips for survival.

A medium-sized Northern Ireland company recently discovered that their online banking system had transferred over £110,000 to China. Just a few miles away, a service-solutions company had all the data in their computers encrypted and were told that if they paid a hefty ransom the data would be released.

A local manufacturing company was confronted by a product identical to their own, only much cheaper made in the Far East by a company that just happened to have hired an ex-employee.

Welcome to just a few of the problems PwC’s cyber team has experienced but even if the perpetrators have fled down the information superhighway, catching up – and even getting redress – is not impossible. Cybercrime may be a $3 trillion a year business but the PwC experience is that cyber-criminals can and are being identified; however being prepared is a more effective policy than being a victim.

PwC’s experience is that typically, 70 per cent of Northern Ireland’s companies with an online presence could expect to experience some form of technology and/or data-related incident in the next 12 months, with less than half of these incidents being identified immediately.

Whether that attack is successful or repulsed, is down to the business and its management, but PwC’s cyber experts offer their top five tips for survival:

1. Cybercrime is not an IT issue: Companies and their boards need to decide who is responsible. It’s not solely an IT issue – it’s a boardroom issue and if cybersecurity is not on the board’s agenda, then executives are ignoring that more than half of all IT security breaches are caused by staff.

2. The most vulnerable companies have poor culture and lacklustre processes: Collectively, these issues combine to cause most of the trouble. Access to a wide range of technology is essential for almost every business to operate in a world dependent on the web but organisations must consider the risks and be confident in their capability to manage them if they are to escape the inevitability of fraud or cyberattack.

3. Understand what you want to protect and then define the risk of protecting it: Who can initiate new customer accounts; are existing customers’ financial and trading details freely available; who can authorise online and banking transactions; who controls passwords, networks and IT access; where do designs, drawings and vital intellectual property reside and who can access them?

4. People are the weakest link: The Information Security Breaches Survey 2015, commissioned by the Department for Business, Innovation and Skills (BIS), undertaken by PwC and which included a number of Northern Irish companies, claims that 50 per cent of the worst security breaches identified were caused by inadvertent human error – further emphasising the importance of culture and processes.

5. It’s not about managing technology: it’s about managing people and processes: Companies need to get the culture right and provide training for staff on basic awareness when using company computers and mobile devices such as smartphones, iPads and USB keys. Everyone from the top down needs to understand that their assets – from intellectual property to cash in the bank – all have value and that’s why people want to buy or steal them.

In summary, cybercrime is a fact of modern life, so learn to deal with it aggressively and strategically. Vigilant companies with alert staff, good cultures and a clear understanding of what they want to protect, are much, much less likely to become victims than those who believe that ‘statistically, it will never happen to me.’ That means it is worth taking professional guidance as to the robustness of your cyber policies and it’s also worth reading the Government’s cyber security guidance which offers directors some practical steps to protect their business and can be accessed at: